Executive summary of Episode 1, Revealing Unknown OT Risks, from the four-part OT Resilience webinar series.
If you are responsible for securing operational technology, the most dangerous assumption you can make is that your asset inventory is complete. According to independent research from e2e assure, the average organisation takes 52 days to detect a compromise in their OT environment. This executive summary distils the essential intelligence from Episode 1 of the OT Resilience Blueprint 2026 webinar series, featuring Dominic Carroll, Director of Portfolio Marketing at e2e assure, and Ed Suhler, Senior OT Cybersecurity SME at Trinity OT Security, a practitioner with nearly two decades of experience protecting industrial environments across government, defence, and critical national infrastructure.
The Threat Landscape Has Changed but Your OT Asset Visibility Has Not
Nation state threat actors are no longer a peripheral concern for critical infrastructure operators. The NCSC reported a 129% year-on-year increase in nation state attacks in 2025, while SANS ICS/OT research confirms that 40% of cyber attacks on OT environments caused direct operational disruption. The World Economic Forum's Global Cybersecurity Outlook 2026 found that 64% of senior leaders now consider geopolitically motivated attacks to be among their highest concerns, with IT/OT/IoT convergence cited as a top risk driver by 42% of respondents. Yet despite the escalating threat, the average organisation still lacks the fundamental visibility needed to detect, let alone respond to, adversarial activity within its OT environment. Named threats, including the FrostyGoop and IOControl malware families and the BAUXITE and VOLTZITE threat groups, are actively targeting industrial control systems, exploiting not sophisticated zero-days but the basic absence of monitoring at the process control layer.
Why OT Asset Management Is Not an IT Problem
A persistent and costly misconception is that IT security tools and IT security mindsets can be applied wholesale to OT environments. They cannot. In OT, availability and safety are paramount, so the risk calculus is fundamentally different. Where an IT team may prioritise confidentiality and tolerate brief downtime to contain a threat, an OT team must weigh every intervention against the potential for physical consequences. The Purdue Model (covering Levels 0 through 5, from the physical process up to the enterprise zone) provides a critical framework for understanding where assets exist, what they communicate with, and how risk should be stratified. Without this foundation, organisations are attempting to protect systems they cannot map, using tools that were not built for the environment they are operating in. The result is a proliferation of blind spots: legacy systems with no patch cadence, IT/OT convergence points that are undocumented, and entire process control layers that exist outside the scope of any current monitoring tool.
“If you don’t know what you have and you don’t know what it’s doing, it’s impossible to protect it. There are just too many places for things to happen.”
— Ed Suhler, Senior OT Cybersecurity SME, Trinity OT Security
The Four Pillars of OT Asset Visibility
Effective OT asset management rests on four interconnected capabilities: asset discovery, dependency mapping, behavioural baselining, and anomaly alerting. Getting these right is the foundation upon which every subsequent layer of your security posture depends. Passive monitoring, combined with dedicated OT sensors operating across the Purdue model from Level 0 upwards, enables organisations to build an accurate, living picture of their environment without disrupting operational processes. Critically, this data must extend beyond network-layer traffic. Understanding whether a physical signal corresponds to what a control system is reporting, for example whether the valve position indicated by an HMI matches the analogue signal at the field device level, is what separates genuine situational awareness from a false sense of security. The regulatory imperative reinforces this urgency. NIS2 and the UK Cyber Assessment Framework (CAF 4.0) both require a structured asset inventory, criticality and dependency mapping, ownership accountability, and lifecycle awareness as baseline compliance expectations. For organisations in energy, transport, utilities, manufacturing, and critical national infrastructure, the question is no longer whether to invest in OT asset visibility but how quickly that investment can be made.
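As an added illustration of what passive discovery, behavioural baselining and anomaly alerting look like at the network layer, the Python sketch below decodes Modbus/TCP requests (the protocol used between many HMIs and PLCs at Purdue Levels 1 and 2), learns which clients talk to which units with which function codes during a learning window, and then raises alerts when a new asset appears, a new conversation starts, or a write touches registers outside the learned set. This is example code written for this summary; it is not the CUMULO platform or anything demonstrated in the webinar, and the IP addresses, register layout and traffic are constructed for the demonstration.

```python
import struct
from dataclasses import dataclass

# Assumed example addresses and a hand-built register layout; nothing here comes from a real plant.
HMI, PLC, LAPTOP = "10.1.1.10", "10.1.2.20", "10.1.1.99"

FUNCTION_NAMES = {1: "read_coils", 2: "read_discrete_inputs", 3: "read_holding_registers",
                  4: "read_input_registers", 5: "write_single_coil", 6: "write_single_register",
                  15: "write_multiple_coils", 16: "write_multiple_registers"}
WRITE_FUNCTIONS = {5, 6, 15, 16}


@dataclass(frozen=True)
class ModbusRequest:
    src: str        # client (master) IP, e.g. an HMI
    dst: str        # server (slave) IP, e.g. a PLC
    unit_id: int    # MBAP unit identifier
    function: int   # Modbus function code
    address: int    # first register/coil addressed
    count: int      # registers/coils read or written

    @property
    def is_write(self) -> bool:
        return self.function in WRITE_FUNCTIONS


def parse_modbus_tcp(src: str, dst: str, payload: bytes) -> ModbusRequest:
    """Decode the 7-byte MBAP header and enough of the PDU to classify the request."""
    if len(payload) < 8:
        raise ValueError("truncated Modbus/TCP frame")
    _tid, proto, length, unit_id = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:            # length field counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    function, body = payload[7], payload[8:]
    if function in (1, 2, 3, 4, 15, 16):      # PDU starts with address + quantity
        address, count = struct.unpack(">HH", body[:4])
    elif function in (5, 6):                  # address + value: exactly one item written
        address, count = struct.unpack(">H", body[:2])[0], 1
    else:                                     # diagnostics, file records, vendor codes
        address, count = -1, 0
    return ModbusRequest(src, dst, unit_id, function, address, count)


def build_request(tid: int, unit_id: int, function: int, address: int, qty_or_value: int) -> bytes:
    """Fabricates sample frames for the demo (a sensor would take these from a SPAN/TAP port)."""
    if function == 16:
        regs = b"\x00\x00" * qty_or_value
        pdu = struct.pack(">BHHB", function, address, qty_or_value, len(regs)) + regs
    else:
        pdu = struct.pack(">BHH", function, address, qty_or_value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit_id) + pdu


class Baseline:
    """Learn who talks to whom, and how, then flag departures from that picture."""

    def __init__(self):
        self.assets = set()          # every IP seen during learning (asset discovery)
        self.conversations = set()   # (src, dst, unit_id, function) tuples (dependency map)
        self.write_ranges = {}       # (dst, unit_id) -> addresses legitimately written

    def learn(self, req: ModbusRequest) -> None:
        self.assets.update((req.src, req.dst))
        self.conversations.add((req.src, req.dst, req.unit_id, req.function))
        if req.is_write:
            self.write_ranges.setdefault((req.dst, req.unit_id), set()).update(
                range(req.address, req.address + req.count))

    def check(self, req: ModbusRequest) -> list:
        """Return alert labels for one request; an empty list means 'matches baseline'."""
        alerts = [f"new-asset:{ip}" for ip in (req.src, req.dst) if ip not in self.assets]
        if (req.src, req.dst, req.unit_id, req.function) not in self.conversations:
            alerts.append(f"new-conversation:{FUNCTION_NAMES.get(req.function, req.function)}")
        if req.is_write:
            expected = self.write_ranges.get((req.dst, req.unit_id), set())
            touched = set(range(req.address, req.address + req.count))
            if not touched <= expected:
                alerts.append(f"write-outside-baseline:{sorted(touched - expected)}")
        return alerts


# Constructed learning window: the HMI polls the PLC and adjusts one setpoint register.
LEARNING = [(HMI, PLC, build_request(1, 1, 3, 0, 10)),     # read 10 holding registers from 0
            (HMI, PLC, build_request(2, 1, 4, 0, 4)),      # read 4 input registers
            (HMI, PLC, build_request(3, 1, 6, 40, 1500))]  # write setpoint register 40

# Constructed detection window: a routine poll, an undocumented laptop rewriting registers,
# and the known HMI writing a register it never wrote during learning.
DETECTION = [(HMI, PLC, build_request(4, 1, 3, 0, 10)),
             (LAPTOP, PLC, build_request(5, 1, 16, 0, 2)),
             (HMI, PLC, build_request(6, 1, 6, 41, 0))]


def run_demo() -> list:
    baseline = Baseline()
    for src, dst, frame in LEARNING:
        baseline.learn(parse_modbus_tcp(src, dst, frame))
    return [baseline.check(parse_modbus_tcp(src, dst, frame)) for src, dst, frame in DETECTION]


if __name__ == "__main__":
    for alerts in run_demo():
        print(alerts or "ok")
```

The first detection frame produces no alert; the laptop's write produces three (unknown asset, unknown conversation, write outside the learned range); the HMI's write to register 41 produces only the last of those, which is the rule that would fire on a setpoint change the engineering documentation never anticipated. In a real deployment the frames would come from a passive capture rather than a constructed list, the learning window would be long enough to cover maintenance and shift patterns, and the alert set would be reconciled against the asset register rather than treated as verdicts.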
“The diagrams organisations have represent what the environment looked like when they started — not what’s there today. This piece is extremely important before you can build any kind of protection and mitigation strategy.”
— Ed Suhler, Senior OT Cybersecurity SME, Trinity OT Security
What Good Looks Like: A Practical Starting Point
The webinar demystified what a credible starting position looks like for organisations at the beginning of this journey. Rather than attempting a comprehensive transformation, the most effective approach is to establish a baseline of passive monitoring across the highest-risk process control zones, identify assets that are undocumented or operating outside expected parameters, and build a prioritised register that supports both operational decision-making and regulatory compliance. Organisations should expect to find legacy systems not represented in existing diagrams, shadow connectivity introduced by engineers seeking operational convenience, and asset inventories that reflect how systems looked at commissioning rather than how they operate today. These are not failures — they are the expected starting conditions. What matters is having a structured, threat-led approach to resolving them.
“There’s nothing like getting on site and actually walking the systems. I’ve been in plants where I’ve found Wi-Fi connections that completely bypassed whatever security might have been in place — added purely for convenience.”
— Ed Suhler, Senior OT Cybersecurity SME, Trinity OT Security
Episode 1 includes a live demonstration of asset discovery and baselining within the CUMULO platform, a detailed walkthrough of the OT threat landscape with named threat actor analysis, and an in-depth discussion of NIS2 and CAF 4.0 asset management obligations. If you are responsible for OT security or cyber risk across critical infrastructure, this session will give you a clear, practical framework for where to start.
